VYPR

Operator Terminal Expert

by EcoStruxure

CVEs (8)

  • CVE-2020-7497CriJun 16, 2020
    risk 0.64cvss 9.8epss 0.02

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer…

  • CVE-2020-7544HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator…

  • CVE-2020-7496HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.

  • CVE-2020-7494HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project…

  • CVE-2020-7493HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the…

  • CVE-2022-41671HigNov 4, 2022
    risk 0.46cvss 7.0epss 0.00

    A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of…

  • CVE-2022-41666HigNov 4, 2022
    risk 0.46cvss 7.0epss 0.00

    A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or…

  • CVE-2020-7495MedJun 16, 2020
    risk 0.36cvss 5.5epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access…